-rw-r--r-- | media/base/limits.h | 28 | ||||
-rw-r--r-- | media/filters/ffmpeg_audio_decoder.cc | 11 | ||||
-rw-r--r-- | media/filters/ffmpeg_video_decoder.cc | 4 |
3 files changed, 42 insertions, 1 deletions
diff --git a/media/base/limits.h b/media/base/limits.h
new file mode 100644
index 0000000..583d6dd
--- /dev/null
+++ b/media/base/limits.h
@@ -0,0 +1,28 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Contains limit definition constants for the media subsystem.
+
+#ifndef MEDIA_BASE_LIMITS_H_
+#define MEDIA_BASE_LIMITS_H_
+
+#include "base/basictypes.h"
+
+namespace media {
+
+struct Limits {
+ // For video.
+ static const size_t kMaxDimension = (1 << 15) - 1; // 32767
+ static const size_t kMaxCanvas = (1 << (14 * 2)); // 16384 x 16384
+
+ // For audio.
+ static const size_t kMaxSampleRate = 192000;
+ static const size_t kMaxChannels = 32;
+ static const size_t kMaxBPS = 64;
+};
+
+} // namespace media
+
+#endif // MEDIA_BASE_LIMITS_H_
+
diff --git a/media/filters/ffmpeg_audio_decoder.cc b/media/filters/ffmpeg_audio_decoder.cc
index 07c09ac..8a7991a 100644
--- a/media/filters/ffmpeg_audio_decoder.cc
+++ b/media/filters/ffmpeg_audio_decoder.cc
@@ -5,6 +5,7 @@
 #include "media/filters/ffmpeg_audio_decoder.h"
 #include "media/base/data_buffer.h"
+#include "media/base/limits.h"
 #include "media/filters/ffmpeg_common.h"
 #include "media/filters/ffmpeg_demuxer.h"
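Review bot: The constants in `struct Limits` in the new media/base/limits.h do not state their units or what they protect, and two of them are easy to misread. `kMaxBPS` could be bits per sample or bytes per second, and `kMaxCanvas` is a total pixel count although its comment reads like a pair of dimensions. Since these values bound fields read from untrusted container metadata, I would add comments such as `// Maximum bits per sample.` and `// Maximum width * height in pixels (16384 x 16384).`, plus a sentence at the top of the struct saying the limits exist to reject malformed streams before sizes are computed from them. The members are also in-class `static const` initialisers with no out-of-line definition, so a later use that binds one by reference may fail to link; a short comment warning about that would help.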
@@ -38,9 +39,17 @@ bool FFmpegAudioDecoder::OnInitialize(DemuxerStream* demuxer_stream) { // Grab the AVStream's codec context and make sure we have sensible values. codec_context_ = av_stream->codec; + int bps = av_get_bits_per_sample_format(codec_context_->sample_fmt); DCHECK_GT(codec_context_->channels, 0); - DCHECK_GT(av_get_bits_per_sample_format(codec_context_->sample_fmt), 0); + DCHECK_GT(bps, 0); DCHECK_GT(codec_context_->sample_rate, 0); + if (codec_context_->channels == 0 || + static_cast<size_t>(codec_context_->channels) > Limits::kMaxChannels || + bps == 0 || + static_cast<size_t>(bps) > Limits::kMaxBPS || + codec_context_->sample_rate == 0 || + static_cast<size_t>(codec_context_->sample_rate) > Limits::kMaxSampleRate) + return false; // Serialize calls to avcodec_open(). AVCodec* codec = avcodec_find_decoder(codec_context_->codec_id); diff --git a/media/filters/ffmpeg_video_decoder.cc b/media/filters/ffmpeg_video_decoder.cc index 8d54c8b..bd3ed981 100644 --- a/media/filters/ffmpeg_video_decoder.cc +++ b/media/filters/ffmpeg_video_decoder.cc @@ -2,6 +2,7 @@ // source code is governed by a BSD-style license that can be found in the // LICENSE file. +#include "media/base/limits.h" #include "media/base/video_frame_impl.h" #include "media/filters/ffmpeg_common.h" #include "media/filters/ffmpeg_demuxer.h" @@ -65,6 +66,9 @@ bool FFmpegVideoDecoder::OnInitialize(DemuxerStream* demuxer_stream) { width_ = av_stream->codec->width; height_ = av_stream->codec->height; *time_base_ = av_stream->time_base; + if (width_ > Limits::kMaxDimension || height_ > Limits::kMaxDimension || + width_ * height_ > Limits::kMaxCanvas) + return false; media_format_.SetAsString(MediaFormat::kMimeType, mime_type::kUncompressedVideo); |
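Review bot: The three `DCHECK_GT` lines kept above the new `if` in FFmpegAudioDecoder::OnInitialize still assert on values read from the stream's codec context. In a build where DCHECK is active, a file with zero channels, sample rate or sample size trips the assertion before the new `return false` can reject it. Now that the runtime check exists, those DCHECKs can be dropped. The `== 0` tests also leave negative values to be caught only by the `static_cast<size_t>` wrap-around; writing each lower bound as `<= 0`, for example `codec_context_->channels <= 0 ||`, states the intent directly. OnInitialize starts and ends outside the hunk.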
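Review bot: A zero `width_` or `height_` passes the new check in FFmpegVideoDecoder::OnInitialize, unlike the audio decoder in this commit, which rejects zero channels, sample rate and sample size. If nothing later in the function rejects empty frames, put `width_ == 0 || height_ == 0 ||` at the front of the condition. The product test is safe from wrap-around only because the two `kMaxDimension` tests short-circuit first; a comment such as `// Keep the per-dimension checks first: they bound width_ * height_.` would stop a later reorder from breaking that. The members are also assigned before they are validated, so a rejected stream leaves its dimensions in `width_` and `height_`. OnInitialize continues outside the hunk.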